
The New York Attorney General recently entered into an assurance of discontinuance with Root Insurance Company following a 2021 data incident. According to the AG, the threat actors obtained people’s drivers’ license numbers by exploiting a website error on Root’s car insurance application portal. Namely, when someone entered a publicly available name and address, the site would generate a prefilled PDF that included that person’s drivers’ license number, which was pulled from third-party databases. Threat actors used an automated bot to exploit this vulnerability and gathered drivers’ license numbers of 44,449 New Yorkers (more than half of the total 72,852 people impacted). The threat actors then used many of these people’s information to file fake unemployment claims with New York, which, according to the AG, was the goal of the attack.

Continue Reading Auto Insurer Settles With New York AG Over Insurance Application Platform Security Issues

The New York Attorney General recently entered into an assurance of discontinuance with Saturn Technologies, operator of an app used by high school and college students. The app was designed to be a social media platform that assists students with tracking their calendars and events. It also includes connection and social networking features, and it displayed students’ information to others. This included students’ location and club participation, among other things. According to the NYAG, the company had engaged in a series of acts that violated the state’s unfair and deceptive trade practice laws.

Continue Reading New York AG Settles with School App

New York has a new AI-related law which took effect January 1. The law regulates creation and use of digital replicas of an individual’s voice or likeness and is similar to those in California and Tennessee.

Continue Reading New Year, New Protections for New York Artists and AI-Generated Replicas

As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law and the timing of notification. The notice modification is now in effect; the change to the definition of personal information does not take effect until March 21, 2025.

Continue Reading New York Modifies Data Breach Law Heading Into 2025

The New York Attorney General’s Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers’ private health information. The claims stem from two ransomware attacks in 2023. The AG argued that the company had violated New York’s data security law, resulting in the incident. As part of the settlement, Albany ENT agreed to pay $2.75 million in civil penalties and to implement additional security measures.

Continue Reading New York AG Settles EnforcemENT Action with ENT

New York’s governor recently signed the Stop Addictive Feeds Exploitation (SAFE) for Kids Act. Although signed, the law will not be effective until after the New York Attorney General creates implementing regulations. The law is aimed at protecting children under 18 from social media companies’ “addictive feeds.” Addictive feeds are defined to include platforms and services that recommend content based on information from the user’s activity or device. Among other things, the law will:

Continue Reading New York Law Seeks to Regulate Addictive Social Media Feeds

New York Attorney General Letitia James recently published a guide to help companies in preparing their data security programs and responding to data security incidents. The security program recommendations are paired with highlights from recent investigations by the Attorney General that provide valuable insights into what the Attorney General views as data security pitfalls that should be remedied.

Continue Reading New York AG Releases Guide for Business Data Security

New York’s Attorney General Letitia James recently secured a $1.9 million settlement from online retailer Zoetop Business Company, Ltd. to settle allegations that Zoetop had improperly handled a 2018 data breach and subsequent consumer notification. The scrutiny given to Zoetop provides insights into the NYAG’s expectations around breach investigations and response.

Continue Reading Lessons From New York AG Scrutiny of Breach Investigation and Response

Beginning January 1, 2023, New York City will restrict employers from using artificial intelligence to make employment decisions unless they follow certain guidelines. The local law applies to employment decisions made “within the city” regarding job applicants and promotion decisions.

Continue Reading New York City Set To Regulate Employment Decisions Made By AI

Artificial Intelligence is here to stay and New York City has enacted legal guidelines for employers who use it. NYC’s Automated Employment Decision Tools (AEDT) law will, effective January 1, 2023, set new standards for employers using AI tools in making employment decisions.

Continue Reading Silver Lining in New York City? New Requirements For Using A.I. in Employment Decisions